Database anonymisation

Totara 20+

An anonymised copy of the database can be exported using tool_anon. By default, every string column will be replaced with random data.

See server/admin/tool/anon/readme.md for usage instructions for the export and restore tool.

However, some string columns must be preserved, or given custom handling, in order to keep a working site. This is configured in install.xml.

Customising redaction

The REDACT attribute can be added to either the table or field in db/install.xml for a component. Each one has different options available:

Table:

  • unset: use default redactor class

  • “skip”: do not export the table at all, e.g. used for log tables

  • [fully qualified class name]: custom redactor class (see below)

Field:

  • unset: redact string (see automatic redaction below)

  • “null”: set field to null

  • “false”: do not redact, export as-is

The REDACT attribute is only valid on string columns (text/char).

You can see some examples in practice by searching REDACT in server/lib/db/install.xml.
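
Columns marked REDACT “false” and tables handled by a custom redactor class are the places where original data can reach the export, so it is worth listing them before an anonymised copy leaves your control. The Python audit below is an added example, not part of Totara or tool_anon; it assumes the usual XMLDB layout (TABLE and FIELD elements with NAME and TYPE attributes), and the sample tables and fields are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample, not taken from Totara: table and field names are made up.
SAMPLE_INSTALL_XML = """<XMLDB PATH="example/db" VERSION="20240101" COMMENT="constructed">
  <TABLES>
    <TABLE NAME="example_log" REDACT="skip">
      <FIELDS>
        <FIELD NAME="message" TYPE="text"/>
      </FIELDS>
    </TABLE>
    <TABLE NAME="example_person">
      <FIELDS>
        <FIELD NAME="id" TYPE="int" LENGTH="10"/>
        <FIELD NAME="fullname" TYPE="char" LENGTH="255"/>
        <FIELD NAME="idnumber" TYPE="char" LENGTH="255" REDACT="false"/>
        <FIELD NAME="secret" TYPE="char" LENGTH="64" REDACT="null"/>
        <FIELD NAME="timecreated" TYPE="int" LENGTH="10" REDACT="null"/>
      </FIELDS>
    </TABLE>
  </TABLES>
</XMLDB>"""

STRING_TYPES = {"char", "text"}  # REDACT is only valid on string columns
FIELD_OUTCOME = {None: "randomised", "null": "nulled", "false": "as_is"}


def audit_redaction(xml_text):
    """Classify every table and string column by how the export will treat it."""
    report = {k: [] for k in ("skipped", "custom", "as_is", "nulled", "randomised", "invalid")}
    for table in ET.fromstring(xml_text).iter("TABLE"):
        tname, tredact = table.get("NAME"), table.get("REDACT")
        if tredact == "skip":
            report["skipped"].append(tname)  # table is not exported at all
            continue
        if tredact is not None:
            # Custom redactor class: what is exported depends on that class, review it by hand.
            report["custom"].append((tname, tredact))
        for field in table.iter("FIELD"):
            col, redact = f"{tname}.{field.get('NAME')}", field.get("REDACT")
            if field.get("TYPE") not in STRING_TYPES:
                if redact is not None:
                    report["invalid"].append(col)  # REDACT on a non-string column
                continue
            # Unknown REDACT values on string columns are also reported as invalid.
            report[FIELD_OUTCOME.get(redact, "invalid")].append(col)
    return report


if __name__ == "__main__":
    for outcome, items in audit_redaction(SAMPLE_INSTALL_XML).items():
        print(f"{outcome}: {items}")
```

The "as_is" and "custom" lists are the ones to review against your data-handling requirements; everything under "randomised" follows the automatic redaction rules.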

Redactor classes

You can subclass core\db\export\redactor and override its methods with your own logic.

You will want to override either filter_row or filter_field. Examples can be found in core, e.g. server/lib/classes/db/export/redact/role.php.

The custom redactor class should be placed in the component that owns the table, not in core.

Automatic redaction

Strings are replaced with random characters of the same length.

The following are also automatically handled for you, and don’t need custom handling unless you want to do something different:

  • null values: preserved

  • empty string, “true”, “false”: preserved

  • JSON objects/arrays: replaced with an empty object/array

  • Weka/JSON_EDITOR documents: replaced with an empty document

  • PHP serialized objects/arrays: replaced with an empty object/array